#! /bin/sh /usr/share/dpatch/dpatch-run
## 07_sh_using_tmp.patch.dpatch by  <Torsten Werner <twerner@debian.org>>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: This patch fixes most of the /tmp file vulnerabilities.

@DPATCH@
diff -urNad lazarus-0.9.24-0~/tools/install/build_fpc_snaphot_rpm.sh lazarus-0.9.24-0/tools/install/build_fpc_snaphot_rpm.sh
--- lazarus-0.9.24-0~/tools/install/build_fpc_snaphot_rpm.sh	2007-09-15 11:15:53.000000000 +0200
+++ lazarus-0.9.24-0/tools/install/build_fpc_snaphot_rpm.sh	2008-08-24 21:52:34.000000000 +0200
@@ -52,7 +52,7 @@
 #------------------------------------------------------------------------------
 
 # create a temporary copy of the fpc sources to patch it
-TmpDir=/tmp/`whoami`/fpc
+TmpDir=$(mktemp -d)
 rm -rf $TmpDir
 
 echo "extracting FPC from local svn ..."
diff -urNad lazarus-0.9.24-0~/tools/install/check_fpc_dependencies.sh lazarus-0.9.24-0/tools/install/check_fpc_dependencies.sh
--- lazarus-0.9.24-0~/tools/install/check_fpc_dependencies.sh	2007-08-05 23:40:11.000000000 +0200
+++ lazarus-0.9.24-0/tools/install/check_fpc_dependencies.sh	2008-08-24 21:53:54.000000000 +0200
@@ -8,7 +8,7 @@
 
 # try to compile a program
 echo Testing fpc ...
-TmpDir=/tmp/fpc
+TmpDir=$(mktemp -d)
 rm -rf $TmpDir
 mkdir -p $TmpDir
 TestPas=$TmpDir/test.pas
diff -urNad lazarus-0.9.24-0~/tools/install/create_fpc-src_rpm.sh lazarus-0.9.24-0/tools/install/create_fpc-src_rpm.sh
--- lazarus-0.9.24-0~/tools/install/create_fpc-src_rpm.sh	2006-09-09 23:58:49.000000000 +0200
+++ lazarus-0.9.24-0/tools/install/create_fpc-src_rpm.sh	2008-08-24 22:00:17.000000000 +0200
@@ -54,6 +54,7 @@
   > $SpecFile
   
 # copy custom rpm scripts
+# FIXME: writing into /tmp is broken! This script is not used by Debian.
 cp smart_strip.sh /tmp/smart_strip.sh
 chmod a+x /tmp/smart_strip.sh
 cp do_nothing.sh /tmp/do_nothing.sh
diff -urNad lazarus-0.9.24-0~/tools/install/create_fpc_deb.sh lazarus-0.9.24-0/tools/install/create_fpc_deb.sh
--- lazarus-0.9.24-0~/tools/install/create_fpc_deb.sh	2007-07-28 12:29:01.000000000 +0200
+++ lazarus-0.9.24-0/tools/install/create_fpc_deb.sh	2008-08-24 22:03:17.000000000 +0200
@@ -86,7 +86,7 @@
 #------------------------------------------------------------------------------
 # create a temporary copy of the fpc sources to patch it
 
-TmpDir=/tmp/fpc_patchdir
+TmpDir=$(mktemp -d)
 if [ "$WithTempDir" = "yes" ]; then
   if [ -d $TmpDir ]; then
     rm -rf $TmpDir/*
diff -urNad lazarus-0.9.24-0~/tools/install/create_fpc_export_tgz.sh lazarus-0.9.24-0/tools/install/create_fpc_export_tgz.sh
--- lazarus-0.9.24-0~/tools/install/create_fpc_export_tgz.sh	2006-06-04 12:21:15.000000000 +0200
+++ lazarus-0.9.24-0/tools/install/create_fpc_export_tgz.sh	2008-08-24 22:06:43.000000000 +0200
@@ -20,24 +20,21 @@
   exit
 fi
 
+TEMPDIR=$(mktemp -d)
 if [ "x$Download" = "xyes" ]; then
   echo "downloading fpc svn ..."
-  cd /tmp
-  rm -rf /tmp/fpc
-  svn export http://svn.freepascal.org/svn/fpc/trunk fpc
-  cd -
+  svn export http://svn.freepascal.org/svn/fpc/trunk $TEMPDIR/fpc
 else
   echo "extracting fpc from local svn ..."
-  rm -rf /tmp/fpc
-  svn export $SourceDir /tmp/fpc
+  svn export $SourceDir $TEMPDIR/fpc
 fi
 
-cd /tmp
+cd $TEMPDIR
 echo "packing ..."
-tar cvzf /tmp/fpc.tgz fpc
+tar cvzf fpc.tgz fpc
 cd -
-mv /tmp/fpc.tgz $OutputFile
-rm -rf /tmp/fpc
+mv $TEMPDIR/fpc.tgz $OutputFile
+rm -rf $TEMPDIR
 
 # end.
 
diff -urNad lazarus-0.9.24-0~/tools/install/create_fpc_rpm.sh lazarus-0.9.24-0/tools/install/create_fpc_rpm.sh
--- lazarus-0.9.24-0~/tools/install/create_fpc_rpm.sh	2006-09-09 23:53:36.000000000 +0200
+++ lazarus-0.9.24-0/tools/install/create_fpc_rpm.sh	2008-08-24 22:07:07.000000000 +0200
@@ -51,7 +51,7 @@
 #------------------------------------------------------------------------------
 
 # create a temporary copy of the fpc sources to patch it
-TmpDir=/tmp/fpc_patchdir
+TmpDir=$(mktemp -d)
 if [ "$WithTempDir" = "yes" ]; then
   if [ -d $TmpDir ]; then
     rm -rf $TmpDir/*
diff -urNad lazarus-0.9.24-0~/tools/install/create_fpc_tgz_from_local_dir.sh lazarus-0.9.24-0/tools/install/create_fpc_tgz_from_local_dir.sh
--- lazarus-0.9.24-0~/tools/install/create_fpc_tgz_from_local_dir.sh	2006-06-04 12:21:15.000000000 +0200
+++ lazarus-0.9.24-0/tools/install/create_fpc_tgz_from_local_dir.sh	2008-08-24 22:07:52.000000000 +0200
@@ -32,7 +32,7 @@
   exit -1
 fi
 
-TmpBaseDir=/tmp
+TmpBaseDir=$(mktemp -d)
 TmpDir=$TmpBaseDir/fpc
 
 rm -rf $TmpDir
diff -urNad lazarus-0.9.24-0~/tools/install/create_lazarus_deb.sh lazarus-0.9.24-0/tools/install/create_lazarus_deb.sh
--- lazarus-0.9.24-0~/tools/install/create_lazarus_deb.sh	2007-11-02 16:18:01.000000000 +0100
+++ lazarus-0.9.24-0/tools/install/create_lazarus_deb.sh	2008-08-24 22:08:32.000000000 +0200
@@ -59,7 +59,7 @@
 LazRelease='0'
 SrcTGZ=lazarus-$LazVersion-$LazRelease.tar.gz
 CurDir=`pwd`
-TmpDir=/tmp/lazarus$LazVersion
+TmpDir=$(mktemp -d)
 LazBuildDir=$TmpDir/lazarus_build
 LazDeb=$CurDir/lazarus_${LazVersion}-${LazRelease}_$Arch.deb
 DebianSrcDir=$CurDir/debian_lazarus
diff -urNad lazarus-0.9.24-0~/tools/install/create_lazarus_export_tgz.sh lazarus-0.9.24-0/tools/install/create_lazarus_export_tgz.sh
--- lazarus-0.9.24-0~/tools/install/create_lazarus_export_tgz.sh	2007-03-21 22:55:19.000000000 +0100
+++ lazarus-0.9.24-0/tools/install/create_lazarus_export_tgz.sh	2008-08-24 22:10:21.000000000 +0200
@@ -17,29 +17,26 @@
   exit
 fi
 
+TEMPDIR=$(mktemp -d)
 if [ "x$Download" = "xyes" ]; then
   echo "downloading lazarus svn ..."
-  cd /tmp
-  rm -rf /tmp/lazarus
-  svn export http://svn.freepascal.org/svn/lazarus/trunk lazarus
-  cd -
+  svn export http://svn.freepascal.org/svn/lazarus/trunk $TEMPDIR/lazarus
 else
   echo "extracting lazarus from local svn ..."
   SourceDir=$(pwd | sed -e 's#lazarus[_0-9]*/tools.*$#lazarus#')
-  rm -rf /tmp/lazarus
-  svn export $SourceDir /tmp/lazarus
+  svn export $SourceDir $TEMPDIR/lazarus
 fi
 
 # add ide/revision.inc
 Revision=$(svnversion /tmp/lazarus)
 echo "const RevisionStr = '$Revision';" > /tmp/lazarus/ide/revision.inc
 
-cd /tmp
+cd $TEMPDIR
 echo "packing ..."
 tar cvzf lazarus.tgz lazarus
 cd -
-mv /tmp/lazarus.tgz $OutputFile
-rm -rf /tmp/lazarus
+mv $TEMPDIR/lazarus.tgz $OutputFile
+rm -rf $TEMPDIR
 
 # end.
 
diff -urNad lazarus-0.9.24-0~/tools/install/create_lazarus_rpm.sh lazarus-0.9.24-0/tools/install/create_lazarus_rpm.sh
--- lazarus-0.9.24-0~/tools/install/create_lazarus_rpm.sh	2007-03-20 19:28:48.000000000 +0100
+++ lazarus-0.9.24-0/tools/install/create_lazarus_rpm.sh	2008-08-24 22:10:40.000000000 +0200
@@ -24,7 +24,7 @@
 LazRelease='0' # $(echo $FPCRPM | sed -e 's/-/_/g')
 Src=lazarus-$LazVersion-$LazRelease.tar.gz
 SrcTGZ=$(./rpm/get_rpm_source_dir.sh)/SOURCES/$Src
-TmpDir=/tmp/lazarus$LazVersion
+TmpDir=$(mktemp -d)
 SpecFile=rpm/lazarus-$LazVersion-$LazRelease.spec
 
 # download lazarus svn if needed
diff -urNad lazarus-0.9.24-0~/tools/install/create_lazarus_slacktgz.sh lazarus-0.9.24-0/tools/install/create_lazarus_slacktgz.sh
--- lazarus-0.9.24-0~/tools/install/create_lazarus_slacktgz.sh	2007-10-22 14:03:32.000000000 +0200
+++ lazarus-0.9.24-0/tools/install/create_lazarus_slacktgz.sh	2008-08-24 22:12:22.000000000 +0200
@@ -20,11 +20,12 @@
 Date=$Year$Month$Day
 LazVersion=$(./get_lazarus_version.sh)
 LazRelease='0' # $(echo $FPCRPM | sed -e 's/-/_/g')
-Src=/tmp/lazarus-$LazVersion-$LazRelease.tar.gz
-TmpDir=/tmp/lazarus$LazVersion
+TEMPBASE=$(mktemp -d)
+Src=$TEMPBASE/lazarus-$LazVersion-$LazRelease.tar.gz
+TmpDir=$TEMPBASE/lazarus$LazVersion
 DescFile=slacktgz/slack-desc
 DepFile=slacktgz/slack-required
-BuildRoot=/tmp/lazaruspackage/
+BuildRoot=$TEMPBASE/lazaruspackage/
 SrcDir="$TmpDir/lazarus"
 Where=`pwd`
 
@@ -69,13 +70,13 @@
     ln -sf /usr/lib/lazarus/lazbuild usr/bin/lazbuild
     cat $SrcDir/docs/lazbuild.1 | gzip > $BuildRoot/usr/man/man1/lazbuild.1.gz
 
-/sbin/makepkg -l y -c y /tmp/lazarus-$LazVersion-i486-$LazRelease.tgz
+/sbin/makepkg -l y -c y $TEMPBASE/lazarus-$LazVersion-i486-$LazRelease.tgz
 cd
 
 #Clean up
 rm -fr $BuildRoot  $TmpDir
     
-echo "The new slackware tgz can be found at: /tmp/lazarus-$LazVersion-i486-$LazRelease.tgz"
+echo "The new slackware tgz can be found at: $TEMPBASE/lazarus-$LazVersion-i486-$LazRelease.tgz"
 echo "A source package is has been created at: $Src"
 # end.
 
diff -urNad lazarus-0.9.24-0~/tools/install/create_lazarus_snapshot_rpm.sh lazarus-0.9.24-0/tools/install/create_lazarus_snapshot_rpm.sh
--- lazarus-0.9.24-0~/tools/install/create_lazarus_snapshot_rpm.sh	2007-09-15 11:15:53.000000000 +0200
+++ lazarus-0.9.24-0/tools/install/create_lazarus_snapshot_rpm.sh	2008-08-24 22:14:02.000000000 +0200
@@ -36,12 +36,7 @@
   exit
 fi
 
-User=`whoami`
-TmpFPCDir=/tmp/$User/fpc
-if [ -e $TmpFPCDir ]; then
-  rm -rf $TmpFPCDir
-fi 
-mkdir -p $TmpFPCDir
+TmpFPCDir=$(mktemp -d)
 cd $TmpFPCDir
 rpm2cpio $FPCRPM | cpio -id 
 FPCVersion=`usr/bin/fpc -iV`
@@ -57,7 +52,7 @@
 # create a temporary copy of the lazarus sources for packaging
 LazVersion=$(./get_lazarus_version.sh)
 LazRelease=`echo $FPCRPM | sed -e 's/-/_/g'`
-TmpDir=/tmp/`whoami`/lazarus
+TmpDir=$(mktemp -d)
 
 rm -rf $TmpDir
 echo "extracting Lazarus source from local svn ..."
diff -urNad lazarus-0.9.24-0~/tools/install/cross_unix/create_linux_cross_win32_deb.sh lazarus-0.9.24-0/tools/install/cross_unix/create_linux_cross_win32_deb.sh
--- lazarus-0.9.24-0~/tools/install/cross_unix/create_linux_cross_win32_deb.sh	2007-10-16 22:32:10.000000000 +0200
+++ lazarus-0.9.24-0/tools/install/cross_unix/create_linux_cross_win32_deb.sh	2008-08-24 22:16:28.000000000 +0200
@@ -122,7 +122,7 @@
   Arch=i386
   PackageName=fpc_crosswin32
   ResourceDir=$CurDir/debian_crosswin32
-  FPCBuildDir=/tmp/fpc_build
+  FPCBuildDir=$(mktemp -d)
   FPCDeb=$CurDir/${PackageName}_${FPCVersion}-${FPCRelease}_$Arch.deb
   DebianInstallDir=$FPCBuildDir/usr
   DebianRulezDir=$FPCBuildDir/DEBIAN/
diff -urNad lazarus-0.9.24-0~/tools/install/cross_unix/create_linux_cross_win32_rpm.sh lazarus-0.9.24-0/tools/install/cross_unix/create_linux_cross_win32_rpm.sh
--- lazarus-0.9.24-0~/tools/install/cross_unix/create_linux_cross_win32_rpm.sh	2006-09-09 23:53:36.000000000 +0200
+++ lazarus-0.9.24-0/tools/install/cross_unix/create_linux_cross_win32_rpm.sh	2008-08-24 22:17:02.000000000 +0200
@@ -110,7 +110,7 @@
   #----------------------------------------------------------------------------
   # create temporary directory
   #----------------------------------------------------------------------------
-  TmpSrcDir=/tmp/fpc_crosswin32
+  TmpSrcDir=$(mktemp -d)
   echo "create temporary directory $TmpSrcDir ..."
   rm -rf $TmpSrcDir
   mkdir -p $TmpSrcDir
diff -urNad lazarus-0.9.24-0~/tools/install/macosx/makefpcsnapshot.sh lazarus-0.9.24-0/tools/install/macosx/makefpcsnapshot.sh
--- lazarus-0.9.24-0~/tools/install/macosx/makefpcsnapshot.sh	2007-09-18 11:06:42.000000000 +0200
+++ lazarus-0.9.24-0/tools/install/macosx/makefpcsnapshot.sh	2008-08-24 22:20:01.000000000 +0200
@@ -87,16 +87,14 @@
 
 # clean installdir: since I am not root and the install dir can contain files owned by root 
 # created by a previous freeze, I just move it out of the way
-if [ ! -d /tmp/`whoami`/trash ] ; then
-  mkdir -p /tmp/`whoami`/trash
-fi
+TRASHDIR=$(mktemp -d)
 
 set +e
 rm -rf $INSTALLDIR
 set -e
 
 if [ -d $INSTALLDIR ]; then
-  mv $INSTALLDIR /tmp/`whoami`/trash/
+  mv $INSTALLDIR $TRASHDIR
 fi
 mkdir -p $INSTALLDIR
 make install PP=$COMPILER INSTALL_PREFIX=$INSTALLDIR
diff -urNad lazarus-0.9.24-0~/tools/install/macosx/makefpcsrcsnapshot.sh lazarus-0.9.24-0/tools/install/macosx/makefpcsrcsnapshot.sh
--- lazarus-0.9.24-0~/tools/install/macosx/makefpcsrcsnapshot.sh	2007-03-05 10:22:06.000000000 +0100
+++ lazarus-0.9.24-0/tools/install/macosx/makefpcsrcsnapshot.sh	2008-08-24 22:20:47.000000000 +0200
@@ -51,10 +51,7 @@
 
 # clean installdir: since I am not root and the install dir can contain files owned by root 
 # created by a previous freeze, I just move it out of the way
-TRASHDIR=/tmp/`whoami`/trash
-if [ ! -d $TRASHDIR ] ; then
-  mkdir -p $TRASHDIR
-fi
+TRASHDIR=$(mktemp -d)
 if [ -d $INSTALLDIR ] ; then
   mv $INSTALLDIR $TRASHDIR/fpcsrc-`date +%Y%m%d%H%M%S`
 fi
diff -urNad lazarus-0.9.24-0~/tools/install/macosx/makelazsnapshot.sh lazarus-0.9.24-0/tools/install/macosx/makelazsnapshot.sh
--- lazarus-0.9.24-0~/tools/install/macosx/makelazsnapshot.sh	2007-05-09 22:33:10.000000000 +0200
+++ lazarus-0.9.24-0/tools/install/macosx/makelazsnapshot.sh	2008-08-24 22:21:28.000000000 +0200
@@ -55,10 +55,7 @@
 
 # clean builddir: since I am not root and the install dir can contain files owned by root 
 # created by a previous freeze, I just move it out of the way
-TRASHDIR=/tmp/`whoami`/trash
-if [ ! -d $TRASHDIR ] ; then
-  mkdir -p $TRASHDIR
-fi
+TRASHDIR=$(mktemp -d)
 if [ -d $BUILDDIR ] ; then
   mv $BUILDDIR $TRASHDIR/lazbuild-`date +%Y%m%d%H%M%S`
 fi
